I already paid, it comes off my payroll. I want my money back.
Given that they owe me a huge wad of cash, the government might actually be quite happy if I didn't file.
As an aside, in Ontario where I live, there is a checkbox at the end of the tax forms asking if I want to donate all or part of my refund to help pay down Ontario's public debt. If I filed on paper, I would probably add a checkbox saying "Like hell, you greedy bastards", and check that one.
I'm dying to find somebody who actually checks that box every year, because I have some land I want to sell him.
If the US army was such a terrifically well run organization they would not have ended up turning the Iraqi prison camps into torture chambers. Either there is a serious discipline problem or the senior officers gave illegal orders that the soldiers had a duty to refuse.
I work with a retired Air Force Captain who has the same perspective. As he explains it, either the officers ordered the troops to mistreat the prisoners, or they didn't have control of their troops. Neither is excusable for an officer in the armed forces.
The corollary being that the soldiers who are taking the blame for it are, in a way, scapegoats, because the liability goes up the chain and somebody is getting away with it.
They want very particular types of initiative, in particular the initiative to take command of a situation when necessary. What they do not want is people who question authority.
I did some research a while back on the differences between eastern and western military doctrine in World War II. One of the keys was that the Soviets, for various reasons, allowed very little command flexibility in their ranks. Operations were planned to extremely minute details and all subordinates were expected to stick to the plan no matter what (one big reason was they had poor communications infrastructure to change the plan dynamically).
The west, in contrast, had less detailed plans, and relied on their officers adapting their tactics to the facts on the ground as they appeared.
Parental controls on things like amount of time a user can play a particular game, use an application, or browse the web (while this may seem pointless to most geeks, as a parent I know this will be useful).
Me too. I feel it is important for my children to figure out how to circumvent protection measures like this, thus adding a little extra education to their computing experience.
Kind of like: "Of course you can play Mickey Mouse Toddler, as soon as you crack the password-based encryption I put on the executable. And what do I keep telling you about leaving your Legos on the floor?"
The problem with all this is that a large portion of the country that consumes a lot of power is in areas that don't get enough sunlight per year to be efficient.
Indeed. If only we had some means of moving electricity from one place to another.
The trouble with your solution is that it doesn't scale. GPG and PGP are nice for simple applications, in both communication and storage security, but won't work when you're dealing with huge amounts of data and/or people.
For instance, when you are backing up to tape, you pretty much have to have in-line encryption to avoid copying everything from disk to disk before moving it to tape.
Likewise, the key management details that you are glossing over only appear in large organizations. The problem becomes so complicated that generic solutions to it (PKI) have pretty much all failed.
I work for a company that sells a storage encryption product. With our currently marketed product, on-the-fly encryption typically causes a performance hit of between 2 and 20%, depending on a number of factors. A PCI-X hardware cryptomodule that is currently in development will bring that number down significantly.
You are correct. There are a number of companies trying to build a market in storage encryption, and securing backup tapes is one of the main business drivers.
Their solutions use different architectural approaches, and are all generally straightforward to administer, but businesses are slow to purchase them because of potential compatibility problems, and also because it is often difficult to build ROI cases for security.
So we're better drivers when we are looking at our passengers?
it requires far less attention to communicate with someone who is physically present than with someone who's a disconnected voice on the other end of a telephone line.
I don't buy this. From my experience the opposite is true. On the phone I can just keep going 'Uh huh' and ignore my wife completely. In person, she'd notice that I wasn't paying attention and get mad at me.
if a truck suddenly pulls out in front of you... your passenger will tend to notice this and stop talking.
You haven't met my wife.
But seriously, I am skeptical in this regard. I try not to use a cell phone when I am driving because holding the thing to my head, dialing, and even answering it are difficult to do while driving. But headsets are really really close to talking to someone else in the car (probably less distracting than talking to someone in the back seat), and if there is some negligible difference then I seriously doubt it is worth banning them over.
The real problem is that STs and PPs are difficult to read and even harder to understand. In my view, this makes certification for any product whose main functionality isn't specifically covered by a Protection Profile absolutely useless.
For example, there is no Protection Profile defining a secure Operating System (that would be impossible). So Microsoft goes out and certifies their access control mechanism. What does that say about the security of their users? Not much, really. But the government mandates that any product that is deployed to protect sensitive information must have Common Criteria certification.
But what stops a vendor from writing a Security Target that makes trivial claims and then certifying their product against that? Nothing. They'll go through the useless exercise because the government says they have to. In fact, since certification is so expensive, it's in the vendor's best interest to certify against the most trivial claims possible.
Never mind that when you look at the economics of it all, it is in the certification lab's best interest to do as shoddy a job as possible without losing their accreditation.
But then again, it's all marketing. So what am I bitching about, exactly?
Indeed, I was only presenting one side of the argument, which is what the article summary contained.
I meant that it amounts to giving money, because granting options amounts to giving shares (at the time the options are exercised), and those shares have monetary value to the employee.
You are correct that granting options does not affect the company's books. That is the counter-argument offered by the tech industry.
However, in general I agree that the practice of expensing options should become mandatory, because stock dilution affects share price in exactly the same way that expenses do. It is not simply naive shareholders who are affected, but any shareholder who does not know how to look at the option grant numbers and calculate a reasonable valuation for them (which is probably all investors excluding investment professionals and accountants).
Faithful translation: [Stock options result] in financial statements that do not faithfully represent the economic transactions affecting the issuer, namely, the receipt and consumption of employee services in exchange for equity instruments...
Stock options amount to the company giving money to employees...
...Financial statements that do not faithfully represent those economic transactions can distort the issuer's reported financial condition and results of operations...
...without showing up on the company's books, making them look a little rosier than they really are...
...which can lead to the inappropriate allocation of resources in the capital markets.
...thus inflating the stock price and ripping off investors.
For the record, PIN to PIN Blackberry e-mails do not pass through the corporate servers. That is exactly why they can't be encrypted. They are routed by RIM's network.
I was involved in a project a couple of years ago to build Blackberry encryption software for the US government (they cancelled it, but we finished the software anyway -- unfortunately no one uses it). The PIN to PIN issue was one of the main reasons the government wanted extra encryption (plus, regular Blackberry e-mails are encrypted right after the corporate gateway and cleartext on the internal network, which is undesirable for sensitive information).
How did the company get the PIN to PINs? I have to assume they were uploaded to the Exchange server when the user connected his Blackberry to his office computer.
A guy I worked with a few years ago wrote a program that did that. It's called Bounce Spam Mail.
I've always thought its effectiveness would be limited because most spammers wouldn't ever see the bounce message. But if what the submitter says is true...
Interestingly, this is exactly a parallel argument to the one regarding television and TiVo et al. When people universally have the ability to filter commercials, almost all of them will. Then the business model for TV will die.
You could object that people would be stupid to block commercials, because the networks would have to go to a channel subscription model and nobody would like that. But people are stupid, whaddaya want?
But I've been thinking lately -- is this going to change the Internet dramatically? How many web sites rely on advertising revenue, and won't get it anymore when everybody is filtering banners?
For instance, I now read Slashdot with no ads, and I'm not a subscriber. Adblock decreases the value proposition of a Slashdot subscription.
While I'm sure pretty much everyone on Slashdot would agree with you, I'll bet there are a great many scammers and con artists who believe the opposite is true.
So let me get this straight: it doesn't matter that people--myself included--are willing to say "sure, let's spend a trillion dollars converting coal plants into nuclear". All that matters is Kyoto; and if you're not in favor of Kyoto, you're "deceived or partisan"?
No, that's a straw man fallacy. I didn't say that opposing the Kyoto protocol makes you deceived or partisan.
I said if you believe the protocol prescribes specific action, as opposed to general targets, then you are deceived or partisan.
I know this because we in Canada have devoted huge amounts of newspaper space to analyzing exactly what Kyoto says, given that we have already ratified it and are trying to figure out how to abide by it.
So let me get this straight: it doesn't matter that people--myself included--are willing to say "sure, let's spend a trillion dollars converting coal plants into nuclear".
If you don't ratify Kyoto, but reduce emissions by a huge amount by building nuclear power plants and shutting down coal plants, then you have probably fulfilled your Kyoto commitments anyway so you might as well ratify it just for the political optics.
But you don't need thousands of pages of legalese and jargon and international diplomacy to say "we're going to cut our carbon emissions by a few percent". The sheer heftiness of the Kyoto plan is strong evidence that implementing Kyoto is nowhere near as simple as its proponents like to believe.
So what you're saying is that you don't know what Kyoto says, but you object to the amount of verbiage?
Actually the parent post is correct. Kyoto just assigns targets and countries are free to meet those targets by whatever means they like. The thousands of pages you mention define a protocol framework (hence the name: 'Kyoto protocol') that allows countries certain amounts of leeway in how they help the environment.
For example:
- 'Carbon sinks' can be counted toward Kyoto goals, so if a country grows more forests, they can meet their target without reducing emissions as much
- Kyoto 'credits' can be traded; so if country X doesn't want to reduce emissions as the protocol requires, it can pay country Y to reduce emissions to a lower level than country Y's target, with the excess counted toward X's target
So rejecting Kyoto isn't a matter of saying 'we want to help the environment in our own way,' it is a matter of saying 'we don't want to help the environment as much as Kyoto would ask.' People who claim the former are either deceived or partisan.
A more realistic complaint against Kyoto is that it does not adequately constrain developing nations. Poor countries, who have low per-capita emissions, are not affected by Kyoto and are pretty much free to ramp up emissions as much as they want. Also, Russia isn't affected because their environmental record in 1990 was so abysmal, and the collapse of its economy meant a huge decrease in emissions for free.
Of course, that isn't an excuse not to ratify Kyoto. It just proves that Kyoto is not sufficient to fully address the problem, and more is needed.
The 'rigging' you are talking about is called gerrymandering, and it happens a lot more in the US than in Canada.
In fact, it doesn't happen in Canada. Electoral district lines are redrawn every 10 years, to correspond to the census. Elections Canada uses the results of the most recent census to draw the boundaries, and there is no partisan input. At least, there's not supposed to be. And I'm sure big red flags would be thrown up if there was an attempt to influence it.
In any case, the most recent riding redistribution hurt the governing party more than it helped them.
I agree with you. The article isn't very specific on how those stats were tallied, but they look extremely suspicious to me.
Back in the day when I used NT 4 for a lot of my work, I had failures requiring reboot typically two or three times a week. This was doing application development.
On Windows 2000, the only system crashes or lockups I get are either due to hardware problems, or else due to device drivers (for some reason SoftICE periodically crashes my Win2K box). But I typically go weeks without a problem.
I have never had Windows XP crash, although admittedly I have used it less than either of the above two.
In my view, the article's stats just don't pass the bulls&!t test.
He kind of has a point, though. Of course, it's silly that IBM would buy them because SCO is cheaper than the value of the legal claims against them, but if SCO stock were to drop enough that the company was cheaper than IBM's legal fees in fighting off the suit, then a takeover would make sense.
IBM could just buy SCO and put it out of everyone else's misery, and save money doing it. Plus, they could get the satisfaction of firing Darl McBride.
I don't think it's too much to ask for people who actually get paid to write this stuff to validate input, no matter where it comes from.
Validating input against assumptions is easy. The hard part is identifying all the assumptions we have to validate against. We often assume things about input without realizing we are assuming them.
For instance: Not too long ago few programmers had any idea they should check input values for SQL control characters before passing them to a database script. They assumed input wouldn't contain any, without realizing they were so assuming.
It's true that many bugs arise from unchecked string lengths, and those are usually pretty easy to catch (and to fix), but resolving those problems will only take care of a subset -- though probably a large subset -- of the input-related security flaws out there.
I was actually referring to the fact that a few special privileges in NT are limited to the Local System account, and are not available to any users including administrators.
RFC 748 was written by the same guy who wrote RFC 4042, issued today.
I also agree that the recent April Fools RFCs aren't all that funny. The Evil Bit last year was pretty lame.
Slashdot would be remiss if they didn't put up the link.
I suspect RFC 4042 will make a cameo on the Slashdot homepage today as well.
Their solutions use different architectural approaches, and are all generally straightforward to administer, but businesses are slow to purchase them because of potential compatibility problems, and also because it is often difficult to build ROI cases for security.
Kasten Chase
Decru
Neoscale
Vormetric
(Disclaimer: I am employed by one of the above companies)